In case you missed it, you should by now all have updated your servers with the windows update to fix the Padding Oracle Crypto Attack:
Points worth noting:
A weird scenario may come up where you want all requests to an application routed to just one controller action in an ASP.Net MVC application, here's the catch-all route you'll need :)
public static void RegisterRoutes(RouteCollection routes)
{
routes.MapRoute(
"Default", // Route name
"{*catchall}", // URL with parameters
new { controller = "Home", action = "Index" } // Parameter defaults
);
}
So you've split your apps into seperate app pools in IIS, which works well for app isolation on your web server and all is well until you start getting 403 HTTP status responses (with a substatus in the IIS logs of 18). This error is a result of your application running your application and the custom error page you've configured within different app pools.
I'm afraid you're going to have to edit the registry!!! So back it up first then create a registry key with the name IgnoreAppPoolForCustomErrors, of type DWORD and value 1 under the HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ folder.
You'll get this error from the .Net framework when it detects potentially harmful content in a web request submission. Want to disable this validation? Read on...
For normal ASP.Net Web forms apps you can disable request validation by setting validateRequest=false in the page directive (top of your aspx page) or in the configuration section.
For ASP.Net MVC apps add the [ValidateInput(false)] attribute to the appropriate controller action.
Be careful when turning off this value as you are making your site vulnerable by accepting potentially harmful input. You should explicitly validate your input in your code if you disable the built in .Net request validation.
Here's a little snippet I use quite a lot in my test projects to read out an embedded resource text file as a string. The resourceName parameter is the full namespace of the resource, e.g. myproject.files.MyEmbeddedTextFile.txt
internal string GetFromResources(string resourceName)
{
Assembly assem = this.GetType().Assembly;
using (Stream stream = assem.GetManifestResourceStream(resourceName))
{
using (var reader = new StreamReader(stream))
{
return reader.ReadToEnd();
}
}
}
P.S. You may want to add some error handling to the above ;)
One of the projects I'm working on heavily uses a ReST API and performs a lot of XML processing. Recently we've had some serialisation errors when processing some of the XML, resulting in a .Net error throwing:
System.InvalidOperationException: There is an error in XML document (1, XXX). ---> System.Xml.XmlException: XXX, hexadecimal value XXX, is an invalid character.
So I examined the XML payload and could see it contained a non-pritable/control character. I raised the case with the API developers but I found myself curious to find a definitive list of what characters are valid in XML documents. I soon found the Extensible Markup Language (XML) 1.0 Specification, which contained a section regarding the supported XML characters.
You can encode a massive range of characters in XML documents, but there are some non-pritable/control characters that are not supported. Legal non-pritable/control characters include tab (xx09), carriage return (xx0D) and line feed (xx0A). For printable characters it's the legal characters of Unicode and ISO/IEC 10646.
The ASP.Net vulnerability that was announced prior to the EkoParty conference in Argentina last week, initially sounded a lot like a whole lot smoke and not much fire. I read the summary of the exploit and belittled it in a blog post, telling people not to panic. I did however decide to review the slides of the technique used to expose the vulnerability as it all sounded rather interesting. However, I wish I hadn't as it soon came to light that the vulnerability was more serious than previously thought. Microsoft agreed and released a security advisory.
The attack is relevant to all versions and flavours of ASP.Net and is able to decrypt ViewState data, not an issue as long as you don't store sensitive info in the ViewState - which you shouldn't!
The real issue arises if using ASP.Net 3.5 SP1 or above, the attacker could use this encryption vulnerability to request the contents of an arbitrary file within the ASP.Net application i.e. the web.config.
The attack makes use of cryptographic oracles. An oracle in the context of cryptography is a system which provides hints as you ask it questions. ASP.Net acts as a padding oracle in this case. Allowing an attacker to send chosen cipher text to the server and learn if it was decrypted properly by examining which error code was returned by the server (and even time taken). If the attacker makes enough requests, they can learn enough to successfully decrypt the rest of the cipher text. The attacker can then alter the plain text and re-encrypt it as well.
By returning only one application error page no matter what the error effectively silences the oracle and the attacker can no longer gain the info they need to decrypt your encrypted site data. Not ideal in web apps,
Yeah actually! Any sensitive files on your server within your application should be encrypted. For example your connection strings or your username and passwords in your web.configs should be encrypted.
So I saw this headline on Slashdot IT and it immediately made me pay attention. So I loaded up the ASP.Net security vulnerability article detailing the exploit and started reading.
In short, it totally destroys ASP.NET security
It soon became obvious that the article was a little bit sensationalist to say the least (see quote above). Basically the exploit is low-risk. You should only be worried if your applications aren't communicating over SSL and if you have put sensitive information in you ASP.Net application's cookies and are trusting the cookie data blindly. Sensitive data should all be stored server side - but you knew that anyway!
Needless to say, I've not wrote any code lately that checks for an SuperUser=true value in the cookie!!!
Just a quickie today... if you get an ArgumentException when setting the subject on the .Net MailMessage object (or on the constructor) like this...
System.ArgumentException: The specified string is not in the form required for a subject.
You'll want to cleanse your string input for non-printable characters. The most likely culprit is a carriage return or line feed. Which is "\r" or "\n" to the C# developers :)
So all has been quiet on the blog front for a few weeks now, but I have a valid reason this time - honest!
I've been busy getting to grips with my new role at Esendex as 'Head of Applications Development'. Neadless to say I'm very busy at the moment with planning, coding (although not as much coding as I'd like) and improving the applications team's agility. At the moment the days are passing me by very quickly!
I've got lots of blog post ideas so as soon as I get round to it they'll be up. Expect more Asp.Net MVC, TDD and hopefully some BDD posts popping up very soon indeed :)
I'm starting to make use of the new Areas feature in my MVC 2 applications. I've found it great for separating my applications into distinct sections rather than staring at a massive list of controllers/views all bundled into one folder. I came across an issue when I created a controller with the same name as a controller within a different or the default area:
Multiple types were found that match the controller named XXXXXXXX...
I thought it was a little cheap of Microsoft requiring you to give your controllers unique names across all areas. I was relieved to find out giving the same name within different areas is perfectly OK, you just need to specify the full namespace for the controller when setting up the route for it, like so:
public override void RegisterArea(AreaRegistrationContext context)
{
context.MapRoute(
"Members_default",
"Members/{controller}/{action}/{id}",
new { controller = "Home", action = "Index", id = UrlParameter.Optional },
new string[] { "MyWebApp.Areas.Members.Controllers" }
);
}
I knew Microsoft wouldn't let me down ;)
After performing an upgrade to MVC 2 for a web application last week, I had a number of tests failing. This gave me an opportunity to refactor some controller tests and create a base class for my controller test classes. This new base class is straight forward and allows me to mock HttpRequestBase and HttpSessionStateBase easily on the mock ControllerContext - it also has an overload for mocking AJAX requests too. I expect this class to grow in time but it serves my needs for now:
public class TestController
{
public static ControllerContext GetMockControllerContext()
{
return GetMockControllerContext("GET", false, null, null);
}
public static ControllerContext GetMockControllerContext(string httpMethod, bool isAjaxRequest)
{
return GetMockControllerContext(httpMethod, isAjaxRequest, null, null);
}
public static ControllerContext GetMockControllerContext(Mock httpRequestBase, Mock httpSessionStateBase)
{
return GetMockControllerContext("GET", false, httpRequestBase, httpSessionStateBase);
}
public static ControllerContext GetMockControllerContext(string httpMethod, bool isAjaxRequest, Mock httpRequestBase, Mock httpSessionStateBase)
{
var headerCollection = new NameValueCollection();
// Add header value for ajax requests
if (isAjaxRequest) headerCollection.Add("X-Requested-With", "XMLHttpRequest");
if (httpRequestBase == null)
{
httpRequestBase = new Mock();
httpRequestBase.Setup(r => r.HttpMethod).Returns(httpMethod);
httpRequestBase.Setup(r => r.Headers).Returns(headerCollection);
httpRequestBase.Setup(r => r.Form).Returns(new NameValueCollection());
httpRequestBase.Setup(r => r.QueryString).Returns(new NameValueCollection());
}
if (httpSessionStateBase == null)
{
httpSessionStateBase = new Mock();
}
var mockHttpContext = new Mock();
mockHttpContext.Setup(c => c.Request).Returns(httpRequestBase.Object);
mockHttpContext.SetupGet(c => c.Session).Returns(httpSessionStateBase.Object);
return new ControllerContext(mockHttpContext.Object, new RouteData(), new Mock().Object);
}
}
Wondering if you should be upgrading to ASP.Net MVC 2? It is worth some serious thought as there's some powerful new features, the upgrade process is nice and simple, plus there aren't many breaking code changes. Why not take a peek at what's new in ASP.Net MVC 2 and I bet you'll see at least a handful of features that'll get you itching to upgrade ;)
If you decide to upgrade your web application then review the MVC 2 upgrade notes. They include instructions for upgrading manually or you can choose to use the upgrade tool. I've used the upgrade tool and it seems to work great for most people - but not me, I had two problems :( After the conversion completed I compiled my project and got an error:
It is an error to use a section registered as allowDefinition='MachineToApplication' ...
...I managed to fix this without pulling my hair out though. The only other issue I had was around 10% of my project tests suddenly started failing; a result of some change to the controller context processing (this resulted in me improving my controller tests by creating a base TestController). Again this was a nuisance rather than a show stopper - the upgrade was worth the effort :)
Application pools allow you to configure one or more web applications to a worker process. An application pool is separated from other application pools by worker process boundaries. So what does this mean? ...An application in one application pool is not affected by problems caused by applications in other application pools. This along with sensible recycling of your application pools, results in your web server being more efficient and reliable.
By default IIS 6 dumps everything into one application pool. So as you add new web applications to your server you should consider logically grouping them into pools. Due to there being an overhead for each application pool it makes more sense to group the web applications into related pools rather than just create a pool for each web application.
To keep your sites working efficiently your should configure IIS to periodically recycle your application pools and recycle them when they become unstable (using too much memory/cpu etc). Recycling cleans up memory fragmentation, memory leaks, abandoned threads and other bits of unwanted clutter. Note that when an application pool recycles, ASP.Net session state information stored in-process is lost for that pool, however other pools are not affected. If this is a problem then you'll need to use another session state mechanism for your ASP.Net web applications.
It's important that you review why your application pools are being recycling. For example, if you have a pool recycling every 30 mins due to excessive memory use then you have an issue with that applcation's code and it needs looking at. Event logs for application pools are off by default, to enable them see this Microsoft KB article.
When you configuring your application pools you can configure the identity of each worker process to run as a different user and should consider how to configure application pools for application security. For example, you might need to create separate application pools for applications that require a high level of security, while allowing applications that require a lower level of security to share the same application pool.
Hopefully with this post you can see the benefits of spending some time in setting up your application pools in IIS and you've made a step in the right direction for improving your web server's reliablility and efficiency :)
I've come across this problem a number of times now and it was beginning to annoy me. A few times when building projects on continuous integration servers and today when upgrading my MVC web app to MVC 2 I hit the following error:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level This error can be caused by a virtual directory not being configured as an application in IIS.
Everytime I failed to figure out what the problem was and instead I had to admit defeat and use a work-around :(
Well the error message is quite helpful for some people getting this error at runtime and tells them how to fix the problem - configure the web apps virtual directory to be an application. However, I'd been stumbling upon this delightful error when compiling projects - not at runtime!
Luckily I had a light bulb moment... the compiler was not referring to my main web.config for the application, but instead was moaning about a web.config within a sub directory of my application (a backup of the project). Deleting the backup sub directory solved my problems!
I got 99 problems but my web.config ain't one!
There are way too many yellow screens of death out there on the net for my liking. But rather than trying to bullet proof your MVC web apps by putting try catch blocks in all your MVC actions to handle unexpected exceptions, there is a far easier way to do it and it keeps your code nice and DRY - see my code snippet below:
public class BaseController : Controller
{
protected override void OnException(ExceptionContext filterContext)
{
// Record the error
Log.Error("Unexpected error in controller", filterContext.Exception);
// Uses customErrors element from web.config
if (filterContext.HttpContext.IsCustomErrorEnabled)
{
// Set exception as handled and status code 500
filterContext.ExceptionHandled = true;
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
this.View("Error").ExecuteResult(this.ControllerContext);
}
}
}
I override the OnException method within a base controller for my other controllers to inherit from. Any unhandled exceptions in my action methods will hit this and I can gracefully log the exceptions and send the user to a helpful error view (as long as customErrors for the app are set to true) - it's worth noting I also set an appropriate HTTP status code :)
It's hard to believe but you can't do multiline comments in Powershell for some reason! Shame on you Microsoft! Here is a bit of a hack to allow you to right comments over multiple lines using a multiline string declaration:
@' This is a hack so you can do a multiline comment in powershell '@ > $null
Points to note...
Most web developers are aware of the IE alpha transparency problems with PNG images; or will be before long. A lot of developers use GIF images rather than the superior PNG format for this reason; which is a shame.
I was discussing the issue with Alex over at Prettier Pixels (a talented UK freelance website designer and builder) and he suggested this nifty IE PNG fix by TwinHelix that you can use to avoid the issues. Thanks Alex!
I long for the day when IE 6 support is no longer required!
I only managed 18 out of my 30 target for April and I've been too ashamed to post anything since :'(
Suppose I'd better get back on that horse and see if I can start getting some helpful blog posts back up on here!
Had an issue on one of my virtual servers which wouldn't process any ASP.Net documents (aspx, asmx etc), but would just return a 404. However, it would happily return other resources such as htm, txt, css. There was no web application logging, no logs in event viewer I had nothing to go on, until I remembered I hadn't checked my IIS logs.
The logs showed requests for the ASP.Net documents and that a 404 was being returned. This part wasn't helpful but the logs also provide a sub status code which was 2:
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-substatus
2008-02-27 12:39:13 W3SVC2 127.0.0.1 GET /default.aspx - 80 - 127.0.0.1 404 2
A quick Google led me to Microsofts IIS 6 pages explaining the sub status codes - bingo!
404.2 : "Web service extension lockdown policy prevents this request"
Knowing this and with the power of Google I resolved the issue in less than a minute. Just open the IIS6 interface, select the Web Service Extensions menu node, on the right you will see the web service extensions available - just select the ASP.Net extension and click the allow button.
Unless a user is on an internal network, there is no way server-side (I know of) to retrieve the mac address of a user accessing a web page, simply because it isn't sent in the http headers for a request. Any attempt to analyze the underlying network communications server side is pointless as it will just return the MAC address for the last routing machine. However, it is possible to retrieve the mac address of the user simply using client-side Javascript in IE.
<html>
<head>
</head>
<body>
MAC Address
</body>
</html>
Once you've accessed the WMI and got the MAC address you can even send the value server-side if necessary.
Implications: You are connecting to the WMI (Windows Management Instrumentation) for the local machine and therefore you may have a problem if your IE security settings are restrictive. Also, this won't work in non-IE browsers; only works for Windows operating systems. Not all that restrictive then?! ;)
Troubleshooting: If you get an 'automation server can't create object' error when running the script it is probably for one of the reasons below.
P.S. Another plausible option is to use an ActiveX control in connecting to WMI.
Login failed for user 'username'. The user is not associated with a trusted SQL Server connection.
This is a common error when setting up SQL Server instances from scratch and takes just 30 secs to fix.
Basically the SQL server instance you are conecting to has been configured to operate in Windows Authentication Mode and doesn't allow the use of SQL accounts. So change the Authentication Mode of the SQL server from Windows Authentication Mode to Mixed Mode (Windows Authentication and SQL Server Authentication). To do this right click your SQL Server instance in Enterprise Manager/Management Studio, select security and you should see the option in there. Hope you didn't waste as much time as I did on this :)
Email newsletters are common place for advertising products, services and events. Considering its uses, it is easy to understand why HTML newsletters are king; who wants to send plain text emails when we can send fancy text and graphics?! Unfortunately there are a lot of email clients out there wanting the HTML in a particular manner. Below are some simple tips to get you started with your HTML email newsletter creation.
1. Tables for layout not CSS... Unfortunately, there are alot of email clients that were developed in the last ice age still being used. This means CSS is poorly and wildly interpreted in terms of displaying your newsletter's layout. It's back to tables for cross email application consistency.
2. Inline styles... Although CSS shouldn't be used for layout, it is fine to use simple CSS styling for the content of the email newsletter. Some email clients can strip out HTML head styles, so put the <styles section in the body tag, or even better, put the css styles inline.
<p style="color: red;">
3. Javascript... Put simply, no JavaScript allowed! Most email clients will just strip it out.
4. Test, test and test... First test the design in Chrome, Firefox and IE, chances are if it works in these then you should have a consistent design across the web email clients and most app email clients. Finally test with as many email applications as possible (outlook, outlook express, thunderbird, lotus notes etc).
Using the above tips you should achieve a fairly consistent viewing experience of your newsletter for recipients. If you are having consistency issues the links below may help.
A Guide to CSS Support in Email A top compatabilities article
Example table layouts
Useful email marketing blog
CSS support in HTML emails of Hotmail, Yahoo! Mail and Gmail
CSS and Email, Kissing in a Tree
A big problem with ASP.Net MVC views is the amount of inline code you put in your views that could potentially result in errors that aren't apparent until runtime. Microsoft did spot this as a problem and kindly introduced a way of checking your views for compilation errors when you compile your source, here's how to enable the feature:
Open up your project file for editing either in Visual Studio by right clicking the project file and choosing 'Edit Project File' or just use your favourite text editor. At the top of the project file you'll see a PropertyGroup XML element with a child element of MvcBuildViews, change the value of this to true...
true
This results in a build event at the bottom of your project file getting called...
That's it! You now are that little bit more confident in your deploys :)
This will add an overhead to your builds, so depending on the size of your MVC project this could extend your build time substantially. However, thanks to a discussion with some other team members at Esendex (Alex and Jon) there is a way of avoiding the overhead the majority of the time. Create a new project configuration in Visual Studio, called something like Debug with Views Compilation. This will add a new PropertyGroup section in your project file for this configuration. Set the MvcBuildViews element to true in this new section. Remember to ensure the default section value for MvcBuildViews is false but set the release section value to true.
false true true
Quite useful if you are working within your MVC app and not changing the views at all.
If you are building a standard MVC project on a developer machine then everything should work fine. If your MVC project isn't standard you may find you have to play with the PhysicalPath part of the AspNetCompiler. To get our CI build machine building this project I had to change the PhysicalPath value to $(WebProjectOutputDir), this value is passed in as a parameter when calling the build on your project.
MSBuild.exe myproject.web.csproj /target:Rebuild,ResolveReferences,_CopyWebApplication /p:Configuration=Release; Architecture=x86;WebProjectOutputDir=build\release\web\;OutDir=build\release\web\bin\
Hope this info is useful to someone out there!
Given my new dev machine runs Windows XP x64 (64 bit OS), I've been considering the implications of compiling the assemblies and executables for different target CPUs.
First of all, no matter what target CPU you select, the .Net compiler STILL compiles the source to the Common Intermidate Language (CIL). The executable or assembly being compiled is only affected by this setting to set the platform status information on the assembly’s Common Language Runtime (CLR) header. The CIL is only turned into native code by the CLR at runtime using the Just-in-time (JIT) compiler.
Now here's the important bits, so pay attention...
Rule of thumb is... by limiting the CPU target at compilation you would be saying there is something being used by the assembly (something likely unmanaged) that requires 32 bits or 64 bits.
You'll need the x64 version of .Net installed and then just reference the regsvcs utility in the x64 install directory:
{SysDir}\Microsoft.NET\Framework64\v2.0.50727\regsvcs {assembly.dll}
When trying to bind a disconnected project/solution from Visual SourceSafe in Visual Studio 2008/2010 you may get the following error:
The mappings for the solution could not be found
Fix by changing your source control plugin (Tools -> Options -> Source Control -> Plug-in Selection) to Microsoft Visual SourceSafe.
Here are my favourite plugins for mine and every other decent web developers' favourite browser - Firefox :) All are essential in my day to day web development and I'd cry if you took them away...
The web development tool I use most. It keeps me sane when debugging strange web site behavior. Use it for inspecting markup for elements, css, modifying it in real-time, debugging javascript, analysing network usage and a whole lot more.
A Firefox addon that integrates with firebug (so you'll need to install that first). Great for analysing web site performance and suggesting performance improvements.
Adds a menu and toolbar to Firefox with lots of handy web developer tools, e.g. a link validator, a html validator, a 'small screen rendering' option for simulating mobile browsing and a bunch of other things too.
A web page analyser for reviewing your search engine optimisation criteria. Handy in its own right but very useful to the non SEO educated web developers out there.
A useful tool for easily and quickly viewing pages rendered as IE would. unfortunately this won't work for the very latest firefox release but hopefully they'll update the extension soon.
The aspnet_client directory holds important javascript files used by ASP.Net sites for client side validation on web form controls. Although the directory isn't required for an ASP.Net site to run, it will affect behaviour of certain controls with client side validation enabled, so removing the directory should be avoided (unless you know what you are doing).
If you've removed it by mistake you can regenerate it by reinstalling the ASP.Net site using:
aspnet_regiis -c
I'm not always a morning person, so when the morning stand-up meeting becomes extended I get a little frustrated.
To me the daily stand-up should take place every morning, within an hour but not first-thing (this gives people a chance to gather their thoughts/make coffee and wake-up). The meeting itself should be kicked off by the last person to attend, it should involve us standing in our project teams and involve us going around each team in turn. One member from each team have 3 questions to answer:
The stand-up is great for a brief update on what is happening in the team and the 3 questions should be answered clearly and concisely within 60 secs (no room for waffle and unnecessary details). The stand-up is also great for people to make commitments. So if a team says "Today we plan to complete X" ... the development team will be expecting that that team tomorrow to say "Yesterday we completed X" – it helps people realise commitments.
How to know when your stand-up ceases to be (a stand-up)...
These things ruin stand-ups, the rhythm that's supposed to be associated with it and an extended stand-up is detrimental to its purpose!
Internet Information Services (IIS) 6.0 supports both the 32-bit mode and the 64-bit mode (as long as your OS is 64-bit too!). However IIS 6.0 does not support running both modes at the same time.
So here's how I setup IIS and ASP.Net to run in 64-bit mode:
The ASP.NET SQL Server Registration tool is used to create a Microsoft SQL Server database for use by the SQL Server providers in ASP.NET, or to add or remove options from an existing database. The tool can be found @ Windows\Microsoft.NET\Framework\VERSION\aspnet_regsql.exe.
Run the executable without arguments to load the wizard, then use the wizard to create or modify database elements for the membership, role management, profile, web parts personalization, and health monitoring features.
ASP.Net Session State supports several different storage options for session data. To make use of SQL Server Session State you'll need to create the ASPState database on your SQL server instance; but this database isn't created by the aspnet_regsql wizard. Instead you'll need to run the executable with additional arguments. Use MSDN for a full list of arguments available, below is the minimum you'll need to get it installed.
aspnet_regsql.exe -ssadd -S {SERVER} -U {USER} -P {PASSWORD}
The -ssadd command-line option == add the session state database
Ran into an issue on my newish Windows XP x64 dev machine today; my public queues were missing completely from Message Queuing! The dev team have all got new installs from the same image and I'm the only one with the problem; so I'm not sure what I've done :/
So I did some digging... Message Queuing integrates with active directory but due to an orphaned object my message queuing went into workgroup mode. There is this article on the Microsoft site that may help, but I solved the issue by uninstalling and re-installing Message Queuing.
Setting up IIS to send all requests to ASP.Net (e.g. for a HttpHandler for a ReST service or for an ASP.Net MVC web app) is straight forward with .Net and IIS.
This is already done for you in an ASP.Net MVC web app. But if you are creating a custom HttpHandler to handle all requests you'll need to go to the httpHandlers section of your web.config file add a reference to your HttpHandler for all HTTP verbs and extensions:
<system.web>
<httpHandlers>
<add verb="*" path="*" type="your.assembly.reference"/>
</httpHandlers>
</system.web>
N.B. There is a bug that if your OK button is not active you need to click the executable field text box, you should see the middle section of the text in the box change from /.../ to the full file path this should now make the OK button active.
You should now see all requests being handle via your handler. If you are having issues, you may want to look at your IIS logs - but where are my IIS logs?. Good luck!
This is a common error with new developer/server installs, where IIS (5 & 6) won't process any ASP.Net documents (aspx, asmx etc), but just return a 404. However, it would happily return other files such as htm, txt, css. Typically you won't get any application or event viewer logging, but just the often forgotten and rarely used IIS logs (see my article on Where Are My IIS logs? to find yours :)
The IIS logs show the requests for the ASP.Net documents and record a response status of 404 being returned. This part clearly isn't helpful, but the logs also provide a sub status code which were 2:
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-substatus
2008-02-27 12:39:13 W3SVC2 127.0.0.1 GET /default.aspx - 80 - 127.0.0.1 404 2
A quick Google led me to Microsofts IIS 6 pages explaining the sub status codes - bingo!
404.2 : "Web service extension lockdown policy prevents this request"
With the power of Google I managed to resolve the issue in less than a minute. Just open the IIS interface, select the Web Service Extensions menu node, on the right you will see the web service extensions available - just select the ASP.Net extension and click the allow button.
Although you may have bucket loads of logging taking place in your web applications/sites, the IIS logs can be helpful in certain circumstances. Use the following steps to track down these tucked-away log files:
In this window you can also change useful settings like what request/response details are recorded in the logs. Some useful options not selected by default are bytes sent, bytes received and referrer (useful for tracking 404s in certain cases).
Extracting useful info from these log files is another blog post all together ;)
I didn't do too bad in March with the blog; publishing 9 posts in all. Some of them were worth reading too!
In April I'm going to try and hit the big three-O; I'm going to try and post 30 blog entries and I promise at least half will be worth reading ;)
Wish me luck ...only 29 to go :)
Some developers seem to be against testing private methods, that if you need to test private methods there is a design issue. I don't think I agree in all cases and extracting some method logic into another method for further testing seems valid to me. Having to make that method public (against it's design) just for testing purposes doesn't sit right, so I test private methods using the PrivateObject class found in the Visual Studio TestTools library...
[TestMethod]
public void IsValidInput_NumberString_ReturnsTrue()
{
// Arrange
var myClass = new MyClassWithPrivateMethod();
var privateObject = new PrivateObject(myClass);
// Act
bool result = (bool)privateObject.Invoke("IsValidInput", new object[] { "123" });
// Assert
Assert.IsTrue(result);
}
Just had a mild heart attack... I couldn't find a download for Powershell V2 for Windows XP x64 OS! But turns out XP x64 is half XP - half Server 2003! So I've downloaded the Windows Server 2003 x64 install and it works fine!
Panic over! :)
Lots of talk regarding the .LESS (pronounced dot-less) library has prompted me to finally get around to incorporating it within one of my projects - and I'm impressed. .LESS extends on CSS, making your CSS dynamic. It allows you to work with your CSS more easily and without needing to repeat yourself by way of 4 powerful language enhancements:
Variables specify widely used values in one place such as site colours.
@companyRed: #eeeeee;
h1, h2 { color: @companyRed; }
#banner { color: @companyRed; }
Collecting sets of rules within a class and allowing other rules to add that class as a property.
.myMixinClass {
color: #ffffff;
text-align: center;
font-weight: bold;
}
#banner { .myMixinClass; padding: 30px; }
#footer { .myMixinClass; padding: 0px; }
Perform simple math operations between related properties.
@defaultBorder: 1px;
@companyRed: #eeeeee;
#banner {
color: @companyRed;
border-left: @defaultBorder;
border-right: @defaultBorder * 2;
}
#footer {
color: (@companyRed + #111) * 1.5;
}
Avoid long selector names for specifying inheritance, allowing you simply to nest the rules making the CSS a lot more readable.
#header {
color: red;
a {
font-weight: bold;
text-decoration: none;
}
}
These language enhancements are parsed and converted to valid CSS on the fly, or can be pre-compiled. It's amazingly easily to start working with and the homepage has all the info you'll probably ever need on .LESS - it really is that simple :)
.LESS removes comments by default and has built in support for minification and caching via the optional config values. Although if you are serious about performance I'd suggest using .LESS to compile your .LESS files to .css during the build and leave the caching and compression to IIS.
I often forget to comment my check-ins and I'm getting fed up with having a big sign stuck to my monitor saying "Comment Your Check-Ins!". So I've decided to make use of Team Foundation Server Power Tools to enforce a custom check-in policy to ensure everyone checks in comments with their changesets.
Team Foundation Server Power Tools is a set of enhancements, tools and command-line utilities that improve the Team Foundation Server (TFS) user experience.
Other useful features of the add-on include the ability to enforce a 'testing policy' to ensure tests are run before check-in and an alert editor for enabling subscriptions to events (e.g. failed builds) in Team Foundation Server. A very useful add-on indeed :)
Want to know how to check if the ASP.Net debugger is attached in code?
System.Diagnostics.Debugger.IsAttached
Each file within a .Net project has a build action property for specifying the build action on the file when a build is executed. Typically the buld action will be one of these:
However, this is not the definitive list as the build action property is extensible.
The default build action property set by Visual Studio is set according to the extension of the file that you add to the solution.
e.g. a Class.cs file would get a build action of compile as it's a code file - simples :)
function ZipFiles($sourcePath,$zipFilename)
{
# Reference the SharpZipLib assembly here
[System.Reflection.Assembly]::LoadFrom("C:\ICSharpCode.SharpZipLib.dll")
$zip = New-Object ICSharpCode.SharpZipLib.Zip.FastZip
$zip.CreateZip($zipFilename,$sourcePath, $true,"")
}
function UnzipFiles($zipFilename,$destinationPath)
{
# Reference the SharpZipLib assembly here
[System.Reflection.Assembly]::LoadFrom("C:\ICSharpCode.SharpZipLib.dll")
$zip = New-Object ICSharpCode.SharpZipLib.Zip.FastZip
$zip.ExtractZip($zipFilename,$destinationPath,"")
}
Go to the Powershell website and download PowerShell. It isn't that obvious but it's part of the Windows Management Framework download. First time you run scripts you'll need to remove the restricted execution policy by running Powershell from the command line and running the command:
set-executionpolicy remotesigned
There is a bundled editor in the Powershell download but I use PowerShell GUI, it's quite a nice editor and has intellisense :)
So I've developed my web application in firefox, all seems to be working fine but before I check-in I quickly check the application in the other major browsers; they all work great. All work great APART from IE!
In IE it turns out that the jQuery .html() attribute won't replace contents of first matched element unless the new HTML is valid (i.e. opening and closing tags match). Guess I can't complain with IE not liking the HTML I'm giving it when its imperfect. If only IE practiced what it preached! :)
// This fails in IE...
$('#someDivID').html("<div id='newDivID'><p>hello world</p></div></div>");
// This works in IE...
$('#someDivID').html("hello world
");
That is all.
Could not load file or assembly App_GlobalResources
public class MyController
{
public ResourceManager StringsResource
{
get;
private set;
}
public MyController()
: this(Strings.ResourceManager)
{}
public MyController(ResourceManager stringsResourceManager)
{
StringsResource = stringsResourceManager;
}
public object MethodBeingTested()
{
return new ContentResult( StringsResource.GetString("FieldYouWant") );
}
}
var stringsResource
= new ResourceManager("test.assembly.Strings", Assembly.GetExecutingAssembly());
var controller = new MyController(stringsResource);
...not pretty, but at least you can run your unit tests without an exception slapping you around the face. Any one got a better solution?
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
...and call the tracker with your unique ID (provided when you sign up)...<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("123456789");
pageTracker._trackPageview();
} catch (err) { }
</script>
...it's the pageTracker._trackPageview(); part that sends the data to Google Analytics. Without parameters the current URL is sent. However, you can override the default behaviour and pass the URL as an argument.<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("123456789");
} catch (err) { }
</script>
...then you can call pageTracker._trackPageview('/My-Virtual-URL'); with your 'virtual' URLs at will - perfect for recording javascript events and AJAX navigation changes :)
I've been looking at alternatives to Team Foundation Server for my latest project's continuous integration tool... and I think I've found it!
Hudson was suggested to me by a colleague (Jonathan Relf) after his attempts with Cruise Control became a little frustrating.
You'll have Hudson installed and building your projects in under an hour unless you're stupid or get carried away with the large number of plugins, including a Chuck Norris plugin ;)
I particularly enjoyed...
I'll keep you posted with how I get on.
Unit test names can be horribly long and misleading at times. I particularly hate...
AMethod_That_IS_Long_n_HasUnderscores_AT_Random_Points
Naming them in a concise, clear manner is important but consistency is the key. I use a simple convention to help me with naming my test methods that I've seen others use.
// MethodNameBeingTested_Input_Output ToySearch_WhenNoToysFound_ReturnsZeroToysFoundView
Steve Sanderson suggested (on his blog) that we call this naming convention SSR (Subject, Scenario, Result), sounds good to me :)
I don't want to pick on IE again (it has been less than 24 hours since my last post about IE), but I'm afraid I have to. I've been working on a new project recently that makes use of AJAX. I usually develop in Firefox and then fix all my IE problems afterwards. This time however one of my AJAX areas of the site seemed to rarely update in IE (if at all), other browsers were fine.
After some playing around I came to the conclusion that IE was caching my AJAX requests. You could argue that IE is right to cache the requests, as the HTTP spec states that GET requests should be cached. But given the browser knows a XMLHttpRequest is being made the caching is completely uneccessary/unwanted. Once I knew the problem the fix was easy. I just needed to append something random to the request URI, a number or timestamp for example.
So instead of requests to /Resource, just use /Resource?ie={random}. It's fairly straight forward to generate a random number in Javascript:
// Random number between 0 and 100 Math.floor(Math.random()*101);
Realising that I wouldn't be alone in tackling the issue I found people used similar tactics to get around the problem. Another neat way is to change the request to be a POST.
IE6 we haven't been friends for a while now. We haven't been able to sit at the same desk for some time, around seven years without an argument starting.
Needless to say I am not in the least bit sad to hear you are finally being ousted by your makers; Microsoft are trying to get the heavily used browser's users to upgrade. Although web savvy users have updated their browser, Microsoft is targeting the tough cookies and touting its own IE 8 as a better alternative.
It's about time :)
I used SyntaxHighlighter before on my last blog and it is perfect for putting snippets of code up with your blog posts. Looks like its come on a treat too and even offers hosted source files for those of us without access to file hosting (and those of us too lazy). Would like to see them using a CDN for the hosted files though - maybe the Amazon S3 service.
Plugging the highlighter couldn't be easier, just refererence a few CSS and JS files. There's a quick explanation here of getting the hosted version working on your blog.
Example using syntax highlighter...
string output = "SyntaxHighlighter is brillo!"; // Tell the world... Console.WriteLine(output);